A peek inside online crime
hubs
Bill Zahren
Somewhere, right now, deep in the bowels of an anonymous
server in a dark room in, say, Iran,
a “carder forum” is brewing up the next scheme aimed at stealing your money.
Carder forums and chat rooms are highly exclusive online
bazaars where criminals who embrace the dark side of technology meet to
exchange the information and criminal services that create what’s been called a
shadow, “microeconomy.”
Security experts call these forums “the Wal-Mart of the
underground” where anything you need to commit electronic crimes is for sale or
barter.
In these digital back alleys, you can hire “bot
masters” to unleash legions of contaminated computers on a vast array of tasks.
One of those bots may be lurking inside your computer right now. Waiting for
the secret, back-channel command to awaken and carry out some nefarious task.
Databases filled with hundreds or thousands of stolen
identities, hacked bank accounts and compromised credit card numbers are
offered for sale. You can also find “cashers” looking to buy information they
can convert into cash and merchandise. Others offer to recruit unsuspecting “mules”
to serve as the final link that turns a digital scam into physical currency.
Ironically the forums feature extreme security measures and
are run by bosses who thoroughly vet and police participants. Forum leaders even
try to assimilate rival forums by force in digital gangland-style takeovers.
Creation of online
scams is no longer the work of loners cranking out code in darkened rooms.
Today’s torrent of spam, phishing scams and other online schemes are the product
of a thriving criminal economy where people have developed specialties and
collaboration and collusion is the rule rather the exception.
These are real,
ruthless criminals, cloaked in the anonymity of the Internet and motivated by
billions of dollars of profit. David DeWalt, CEO of security giant McAfee says
online scams of all types now cost businesses and individuals $105 billion a
year, surpassing the value of the worldwide illegal drug trade.
Given the relatively low costs for electronic messages,
email, pseudo Web sites and the like, online scams can quickly deliver 1000
percent return on investment. A November 2006 Trend Micro white paper on
phishing details arrested criminals who turned $60 software into $100,000 in
profits. Another was generating $430 every day, automatically, at the time of
arrest.
The “bad guys” ruthlessly exploit any opportunity to fleece
unsuspecting computer users. Nothing is sacred. Shortly after Hurricane Katrina
made confetti of much of the gulf coast, killing scores of people and leaving
third-world suffering in her wake, the phish were swarming with fake “donate to
help Katrina Victims” email.
Digital gangsters
are even fine with cashing in on terrorism. One superforum leader recently
bragged that its main server is located in Iran, perhaps the country that’s least likely to
cooperate with U.S.law-enforcement authorities.
In 2004, law
enforcement briefly disrupted these forums by infiltrating and arresting
participants. The forums reacted like an attacked virus – mutating and
reforming in more secure, more dispersed forms. Today law enforcement agents
liken chasing online criminals to chasing terrorists in Afghanistan; you know they are out there, but finding all
their caves and hiding places is virtually impossible.
Experts agree the best
weapon in the battle against the digital underground remains consumer awareness
and caution. John Thompson, CEO of security giant Symantec (maker of the Norton
suite of protection products) told USA Today that Internet users must develop a
“sixth sense about security” just as they have about being sure to lock their
houses and cars and sense when situations in the real world are inherently
dangerous.
As diabolical as
the online criminals are, their schemes often come down to the ability to
deceive someone into providing personal data. Following some basic online
guidelines for thwarting Internet crime can dramatically reduce your
chances of being victimized and take some buzz out of the buzzing forums.